Single Sign On (SSO) for Organizations

Organizations now have the option to set up Single Sign On (SSO) for Miradi Share using their organizational identity manager. Some of the many benefits of using organizational SSO include

• Easier for Miradi users: Miradi users do not need a separate username and password for Miradi. They can log in to Miradi Share using their organizational login.
• Enhanced security: Miradi access is determined by organizational account status. For example, if a Miradi users leaves an organization and their account is disabled, they can no longer log in to Miradi Share using that account.
• No changes for existing Miradi users: Once organizational SSO is enabled, Miradi users automatically have access to all the same content in Miradi.

Learn more about

• Miradi Share SSO
• Setting up SSO for your organization
• Transitioning Miradi users to use of organizational SSO
• Access to Miradi API still requires Keystone login

Miradi Share SSO

Miradi Share uses the OpenID Connect standard supported by Microsoft, Google etc. 

Setting up SSO for your organization

Organizations interested in setting up organizational SSO should contact the Miradi team with an expression of interest in SSO. Note that there is a modest one-time cost associated with enabling SSO for your organization, as well as an annual maintenance fee scaled to the size of your organization's Team Plan.

When submitting your request for SSO information, it would be helpful (but not necessary) if you could share the following information:

• Your organization's identity provider, e.g. Azure Active Directory (now Microsoft Entra ID), Google, or something else
• Organizational security requirements for SSO

Once the Miradi team receives your request, we will set up two meetings with your organization. Please plan to include an organizational sysadmin team member in these meetings. The initial meeting will cover organizational and technical requirements for setting up SSO, as well as the cost for this feature. The second meeting will address technical details with your sysadmin team.

Transitioning Miradi users to organizational SSO

Once your organization has enabled organizational SSO to Miradi Share, all of the Miradi account holders from your organization should be able to log in using the organizational email address. There will be no extra work for Miradi program managers. Miradi account holders should automatically have access to the same Miradi projects and program spaces.

Learn more about supporting Miradi users through the switch to SSO:

• Existing Miradi account holders
• Updating existing Miradi account to organizational email address
• New Miradi accounts
• Project and program members outside organization

Existing Miradi account holders: Login using organizational accounts

Once SSO is enabled, existing Miradi account holders whose Miradi accounts are already set up with their organizational email address can log in using their organizational email address. (Learn more about changing the email address associated with an existing Miradi account.) In the Login widget, enter the user's organizational email address and click Next.

Miradi will then direct the user to the organizational identity manager (e.g. Google, Microsoft, etc.) to sign in using their organizational password and any two-factor authentication methods required by the organization.

Once a Miradi user logs in using SSO, they should have access to all the same project and program information.

Updating existing Miradi account to organizational email address

Some organizational Miradi users might have set up their Miradi accounts using a personal email address (e.g. gmail, hotmail, etc). In some cases, users will want to update their Miradi account to use their organizational email address once SSO is enabled. Learn how to change an email address associated with a Miradi account.

New Miradi accounts: Create Miradi accounts using organizational accounts

For members of an organization with SSO enabled who are setting up new Miradi accounts, simply follow the standard Create a Miradi Account process and use an organizational email address. 

Miradi project and program members from outside the organization

Organizational SSO only applies to Miradi accounts using the organizational email domain. If you have invited partners from other organizations to your Miradi projects or program spaces, those Miradi users will need to continue logging in as usual using their own Miradi accounts. This will take them to Keystone for account validation.

Access to Miradi API still requires Keystone login

If you are using the Miradi Share API, your program will still need to use your Keystone login credentials when accessing the API. Both your Keystone login credentials, and organizational credentials can be used to log into the Miradi Share application for testing purposes.